Businesses also play a key role in preventing identity theft by establishing responsible information-protection practices and by adopting stricter application verification procedures. Businesses need to protect personal and confidential information for both customers and employees.
Because due diligence can offset a company's liability in an identity case finding, Wisconsin companies are well advised to adopt best practices for handling their customers' information.
What Businesses Should Do to Protect Customer Information
Develop a comprehensive privacy policy that includes responsible information-handling practices.
Provide vigilant care of a customer's information. Take appropriate care of personal information throughout its entire life cycle. Once it is no longer needed, critical information should be securely destroyed, but it also should be originated, processed and stored securely.
Protect physical access to information. Secure access to critical areas. The use of locked office space, locked cabinets and secure vehicles by trained, authorized personnel provides important protection of critical data, whether it is being used, stored or destroyed.
Practice shredding as the best and preferred destruction practice of paper-based documents. Co-mingling of residual shredded paper and crosscutting or double shredding adds to the secure process, reducing the ability of thieves to recognize or re-create the information.
Pay attention to digital as well as physical documents. Computer media should be cleared of all personal identifying information before being discarded or sent out for repair. Digital information remains on the diskette or hard drive even after being erased. If not properly destroyed, the information can be retrieved.
Consider a unique alternative identifier to Social Security numbers. Don't expose employees' Social Security numbers. Instead, assign an employee number to be used in corporate databases and on public ID badges.
Limit data collection to the minimum information needed. Always question whether a customer's Social Security number is required.
Securely destroy documents. Secure destruction ensures that personal information does not get into the wrong hands. "Dumpster Diving" and access to critical information that has not been properly destroyed is a leading source of identity theft. Reliable information management companies are available to ensure the proper management of all types of materials throughout the destruction process, from collection to secure shredding.
What Businesses Can Do to Protect Themselves
Protect networks and databases from both internal and external hacking. This includes, but is not limited to, properly configured firewalls, virus/malicious software protection and intrusion detection.
Be aware of how confidential information is transmitted. For example, most e-mail is in clear text. If it is intercepted or accidentally sent to the wrong person, it will be read.
Maintain current crisis plans. Ensure business continuity and security in the event of a disaster. Plans should include emergency response to a crisis and containment, a recovery plan and a continuity plan to stay in business until recovery is complete. Store back-up tapes and files in a secure remote location. Identify a point person or persons who are authorized to retrieve the back-up information.
Maintain secure computer access procedures. Employ secure procedures for granting and removing access to systems. Maintain secure log-on and password procedures for system users.
Train and certify your employees. Employees who have access to critical information should meet certain standards. They should sign a confidentiality/non-disclosure agreement. All employees should be trained in the protection of corporate information. Screen cleaning services and temporary services.
Create clear corporate information security policies. Policies are critical to the establishment and enforcement of good procedures. Conduct regular staff training, new employee orientations and spot checks on proper information care.
Select vendors and business partners who promote and practice the fair and ethical use of personal information. They should adhere to meaningful information privacy policies, invest in state-of-the-art technology to secure data and have a history of being responsible stewards of information.
"It's OK to Tell!" - Work with law enforcement. Many companies do not want to admit when they have a breach in security, so they don't report it. Law enforcement and the legal system can't help control the leak and protect companies and employees unless notification is made.
Businesses that consider themselves identity theft victims should see the Victim's Checklist and the Identity Theft Affidavit.
The Federal Trade Commission (http://www.consumer.gov/idtheft) is the nation's primary clearinghouse on identity theft issues.
To compare best practices for secure destruction of documents, three national sources are available:
- ARMA International, the Association of Information Management Professionals. ARMA is a not-for-profit association serving more than 10,000 information management professionals in the United States, Canada and more than 30 other nations. Its mission is to provide education, research and networking opportunities to information professionals. Web site: http://www.arma.org
- NAID, the National Association for Information Destruction, Inc., the international trade association for companies providing information destruction services. Its mission is to promote the information destruction industry and the standards and ethics of its member companies. Web site: http://www.naidonline.org
- PRISM International (Professional Records & Information Services Management) is the not-for-profit trade association for companies that provide their clients with protection, access, retention, storage and disposal of their vital information. Web site: http://www.prismintl.org

